tobiasmcnulty · March 25, 2021 16:08
diff --git a/ansibleSetupPostfixSES.yml b/ansibleSetupPostfixSES.yml
 #
 # According to AWS Docs - http://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html
 #
 # Rewrites all sender addresses to a single canonical ses verified address.
 #
 # Expects a vars files at ../vars/PostfixSES-vars.yml with the following variables:
 #   - ses_host: email-smtp.us-west-x.amazonaws.com
 #   - ses_port: 587
 #   - ses_username: ses-smtp-username
 #   - ses_password: ses-smtp-password
 #   - postfix_canonical_name: [email protected]
 #   - postfix_hostname: postfix.host.name
 #
 # Tested on Ubuntu 14.04
 #
 ---
 - hosts: '{{ host }}'
  user: '{{ user }}'
  sudo: True
  gather_facts: yes

  tasks:
  - include_vars: ../vars/PostfixSES-vars.yml

  - name: Install Postfix and libsasl2-mod
    apt: >
      name={{ item }}
      state=latest
      update_cache=yes
    with_items:
      - postfix
      - heirloom-mailx
    tags:
      - install

  - name: Configure Postfix main.cf
    lineinfile: >
      backup=yes
      dest=/etc/postfix/main.cf
      regexp="^{{ item.variable }}\ ="
      line="{{ item.variable }} = {{ item.value }}"
      state=present
    with_items:
      - { variable: 'relayhost', value: "{{ ses_host }}:{{ ses_port }}" }
      - { variable: 'smtp_sasl_auth_enable', value: 'yes' }
      - { variable: 'smtp_sasl_security_options', value: 'noanonymous' }
      - { variable: 'smtp_sasl_password_maps', value: 'hash:/etc/postfix/sasl_passwd' }
      - { variable: 'smtp_use_tls', value: 'yes' }
      - { variable: 'smtp_tls_security_level', value: 'encrypt' }
      - { variable: 'smtp_tls_note_starttls_offer', value: 'yes' }
      - { variable: 'sender_canonical_maps', value: 'regexp:/etc/postfix/sender_canonical' }
      - { variable: 'myhostname', value: '{{ postfix_hostname }}' }
      - { variable: 'mydestination', value: '{{ postfix_hostname }}, localhost.localdomain, localhost' }
      - { variable: 'smtp_tls_CAfile', value: '/etc/ssl/certs/ca-certificates.crt' }
    tags:
      - config
    register: postfix_main_cf

  - name: Create /etc/postfix/sasl_passwd
    lineinfile: >
      backup=yes
      create=yes
      dest=/etc/postfix/sasl_passwd
      regexp="^{{ ses_host }}"
      line="{{ ses_host }}:{{ ses_port }} {{ ses_username }}:{{ ses_password }}"
      state=present
    tags:
      - config
    register: postfix_sasl_passwd

  - name: postmap hash:/etc/postfix/sasl_passwd
    command: postmap hash:/etc/postfix/sasl_passwd
    tags:
      - config
    when: postfix_sasl_passwd.changed

  - name: Change permissions on /etc/postfix/sasl_passwd.db
    command: chmod 0600 /etc/postfix/sasl_passwd*
    tags:
      - config
    when: postfix_sasl_passwd.changed

  - name: Create /etc/postfix/sender_canonical
    lineinfile: >
      backup=yes
      create=yes
      dest=/etc/postfix/sender_canonical
      regexp=".*{{postfix_canonical_name}}"
      line="/(.*?)@(.*)/ {{postfix_canonical_name}}"
      state=present
    tags:
      - config

  - name: Restart postfix
    service: >
      name=postfix
      state=restarted
    tags:
      - config
    when: postfix_sasl_passwd.changed or postfix_main_cf.changed
	#
	# According to AWS Docs - http://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html
	#
	# Rewrites all sender addresses to a single canonical ses verified address.
	#
	# Expects a vars files at ../vars/PostfixSES-vars.yml with the following variables:
	# - ses_host: email-smtp.us-west-x.amazonaws.com
	# - ses_port: 587
	# - ses_username: ses-smtp-username
	# - ses_password: ses-smtp-password
	# - postfix_canonical_name: [email protected]
	# - postfix_hostname: postfix.host.name
	#
	# Tested on Ubuntu 14.04
	#
	---
	- hosts: '{{ host }}'
	user: '{{ user }}'
	sudo: True
	gather_facts: yes

	tasks:
	- include_vars: ../vars/PostfixSES-vars.yml

	- name: Install Postfix and libsasl2-mod
	apt: >
	name={{ item }}
	state=latest
	update_cache=yes
	with_items:
	- postfix
	- heirloom-mailx
	tags:
	- install

	- name: Configure Postfix main.cf
	lineinfile: >
	backup=yes
	dest=/etc/postfix/main.cf
	regexp="^{{ item.variable }}\ ="
	line="{{ item.variable }} = {{ item.value }}"
	state=present
	with_items:
	- { variable: 'relayhost', value: "{{ ses_host }}:{{ ses_port }}" }
	- { variable: 'smtp_sasl_auth_enable', value: 'yes' }
	- { variable: 'smtp_sasl_security_options', value: 'noanonymous' }
	- { variable: 'smtp_sasl_password_maps', value: 'hash:/etc/postfix/sasl_passwd' }
	- { variable: 'smtp_use_tls', value: 'yes' }
	- { variable: 'smtp_tls_security_level', value: 'encrypt' }
	- { variable: 'smtp_tls_note_starttls_offer', value: 'yes' }
	- { variable: 'sender_canonical_maps', value: 'regexp:/etc/postfix/sender_canonical' }
	- { variable: 'myhostname', value: '{{ postfix_hostname }}' }
	- { variable: 'mydestination', value: '{{ postfix_hostname }}, localhost.localdomain, localhost' }
	- { variable: 'smtp_tls_CAfile', value: '/etc/ssl/certs/ca-certificates.crt' }
	tags:
	- config
	register: postfix_main_cf

	- name: Create /etc/postfix/sasl_passwd
	lineinfile: >
	backup=yes
	create=yes
	dest=/etc/postfix/sasl_passwd
	regexp="^{{ ses_host }}"
	line="{{ ses_host }}:{{ ses_port }} {{ ses_username }}:{{ ses_password }}"
	state=present
	tags:
	- config
	register: postfix_sasl_passwd

	- name: postmap hash:/etc/postfix/sasl_passwd
	command: postmap hash:/etc/postfix/sasl_passwd
	tags:
	- config
	when: postfix_sasl_passwd.changed

	- name: Change permissions on /etc/postfix/sasl_passwd.db
	command: chmod 0600 /etc/postfix/sasl_passwd*
	tags:
	- config
	when: postfix_sasl_passwd.changed

	- name: Create /etc/postfix/sender_canonical
	lineinfile: >
	backup=yes
	create=yes
	dest=/etc/postfix/sender_canonical
	regexp=".*{{postfix_canonical_name}}"
	line="/(.?)@(.)/ {{postfix_canonical_name}}"
	state=present
	tags:
	- config

	- name: Restart postfix
	service: >
	name=postfix
	state=restarted
	tags:
	- config
	when: postfix_sasl_passwd.changed or postfix_main_cf.changed